none
How to let users to edit email address in user profile in Sharepoint 2010 using Integrated Windows Authentication

    Question

  • Under User profile in Sharepoint, I don't see a way to let users to edit their email address. Some email adresses will be outside of the company, assuming our Exchange server allow the Shaprepoint server to relay through. 

    Do we have to go to Claims based auth to gain this functionality (also to allow users to edit their Company name, Work Phone Number etc.)

    Would someone help? Thanks!

    Margaret

     


    mh
    Friday, February 11, 2011 9:20 PM

Answers

  • How are these external users accessing SharePoint then?  Are you saying that your EXTERNAL users are being given INTERNAL AD accounts and being allowed to come all the way into your network as if they are regular users?  Or, is this an external AD Forest/Domain in a DMZ, and your SharePoint farm is built in this external DMZ?  If you are letting external users get accounts in your internal AD, then that is very dangerous and surprising.  Why do you have an entire farm just for external people that isn't really used by internal people?  You're paying tons of money to let people outside the company collaborate without your own company being involved?  That seems very strange.

    CBA is not related and not an issue if these users have regular AD accounts in your internal domain.  This means they are regular users just like your internal folks.

    The domain admin shouldn't be lazy if you're providing this farm in a professional manner, imo.  I don't see how his choice to be lazy is able to drive the use of your farm - doesn't make much sense to me.  He should input all relevant info and keep it up-to-date in AD so that the profile sync can keep it all up-to-date and accurate in SharePoint, and so that this information is available to all other network resources that leverage AD.  If you rely on your external users to maintain their profile infodo it from SharePoint, then you will have incosistent profile data throughout your network unless you configure SharePoint to actually WRITE the profile changes back to AD from SharePoint, but that would be allowing external users to actually CHANGE DATA in your internal Active Directory, which seems absolutely crazy to me.  Not only is that a security concern, but you also leave room for human error...quite a lot of it.  That's not even mentioning the possibility of malicious intent.  Please reconsider this.

    If you want the users to be able to edit fields, then you just have to go to the People Service Application > Manage User Properties > Edit the property (e.g. Work e-mail), and change the Edit Settings radio button to "Allow users to edit values for this property."  Then, Work E-mail will be editable by the user.  However, you'll now want to make sure you're NOT doing a profile sync for external users, because user-defined values will get overwritten.  You would still want all internal user data to be synced, so I would suggest making a profile sync connection specifically for the internal user OU but not one for the external user OU.  This is assuming that your domain admin has at least created separate OUs for external users.


    SharePoint Architect || Microsoft MVP || My Blog
    Planet Technologies || SharePoint Task Force
    • Marked as answer by Margaret_Huang Monday, February 14, 2011 8:41 PM
    Monday, February 14, 2011 5:53 PM

All replies

  • Anyone would make a recommendation for a third party plug-in of Claims-based Authentication for Sharepoint 2010? We would like to let new user to fill a form of their personal information (i.e. name, phone, and email address) to feed their sharepoint profile, and create a new user account in SP (with an approval process), and then possibly to sync some fields to their AD user accounts. Is there such adds-on available on the market?

    I notice there are plenty of reference out there for implenting Claims based Auth using Windows Identity Foundation in Visual Studio. How much work should I expect? We are running to a short deadline to put the server in production. Would anyone point me some references if we could not find one, and have to implement it ourselve.

    Thanks!

     


    mh
    Friday, February 11, 2011 4:40 PM
  • Our current settng is using Integrated Windows Authentication. Under User profile in Sharepoint, I don't see a way to edit user's email address. Is there a way that we can activate the function to let users edit their email address (some email adresses will be outside of the company) so that the alerts (for content change etc.) will reach users; assuming our Exchange server allow the Shaprepoint server to relay through. Anyone help please...

     


    mh
    Friday, February 11, 2011 7:16 PM
    • First off, is this an extranet with users from outside the company?  They must be if you're saying that users will be from other comapnies with email address outside your company?  If so, then what is the setu pof your current farm?  Are you using CBA?  What kind?  FBA, ADFS with AD auth, or something else?  That's a lot of info we need to know first.
    • Are you using SharePoint Foundation or Server?  In Server, people would change their email addresses in their My Profile page, so you need to set up My Sites first.
    • Profile information comes from the profile sync, so is there a reason people would input their data on the front-end instead of it beieng set properly in the identity provider?  Why are people's emails and companies not correct in the identity provider being used for the authentication?

    SharePoint Architect || Microsoft MVP || My Blog
    Planet Technologies || SharePoint Task Force
    Saturday, February 12, 2011 1:43 AM
  • Thank you so much for your reply. Sorry, I didn't discribe my question clearly - I am a newbie to Sharepoint. I really appreciate your follow up, and will try my best to answer your question. But do let me know if I didn't...

    We are currently using Classic-mode authentication, type is Windows NTLM. First of all, do we have to change to CBA to let users to gain the functionality to edit their email address etc. 

    We have SP server 2010. The MySites has been configured. On edit my profile page, some fields are editable, such as About me, Mobile/home Phone, Fax, etc. But I don't see a field for email addresses. Is that field supposed to be brought in by AD information since we are using classic-mode?

    This is a SP portal we set up for general use for the users mostly from outside of our company (very small amount from internal). Our domain admin doesn't want deal too much with new users entries/user info change over the time. They just like to set up an AD user account, basically with their user name and password to let users to be authed to SP Portal. From this point, user will edit their profile themselves.

    Do we have to change to the claims-based mode?

    Please let me know if you need more infomation. Thanks a bunch!

     


    mh
    Monday, February 14, 2011 5:28 PM
  • How are these external users accessing SharePoint then?  Are you saying that your EXTERNAL users are being given INTERNAL AD accounts and being allowed to come all the way into your network as if they are regular users?  Or, is this an external AD Forest/Domain in a DMZ, and your SharePoint farm is built in this external DMZ?  If you are letting external users get accounts in your internal AD, then that is very dangerous and surprising.  Why do you have an entire farm just for external people that isn't really used by internal people?  You're paying tons of money to let people outside the company collaborate without your own company being involved?  That seems very strange.

    CBA is not related and not an issue if these users have regular AD accounts in your internal domain.  This means they are regular users just like your internal folks.

    The domain admin shouldn't be lazy if you're providing this farm in a professional manner, imo.  I don't see how his choice to be lazy is able to drive the use of your farm - doesn't make much sense to me.  He should input all relevant info and keep it up-to-date in AD so that the profile sync can keep it all up-to-date and accurate in SharePoint, and so that this information is available to all other network resources that leverage AD.  If you rely on your external users to maintain their profile infodo it from SharePoint, then you will have incosistent profile data throughout your network unless you configure SharePoint to actually WRITE the profile changes back to AD from SharePoint, but that would be allowing external users to actually CHANGE DATA in your internal Active Directory, which seems absolutely crazy to me.  Not only is that a security concern, but you also leave room for human error...quite a lot of it.  That's not even mentioning the possibility of malicious intent.  Please reconsider this.

    If you want the users to be able to edit fields, then you just have to go to the People Service Application > Manage User Properties > Edit the property (e.g. Work e-mail), and change the Edit Settings radio button to "Allow users to edit values for this property."  Then, Work E-mail will be editable by the user.  However, you'll now want to make sure you're NOT doing a profile sync for external users, because user-defined values will get overwritten.  You would still want all internal user data to be synced, so I would suggest making a profile sync connection specifically for the internal user OU but not one for the external user OU.  This is assuming that your domain admin has at least created separate OUs for external users.


    SharePoint Architect || Microsoft MVP || My Blog
    Planet Technologies || SharePoint Task Force
    • Marked as answer by Margaret_Huang Monday, February 14, 2011 8:41 PM
    Monday, February 14, 2011 5:53 PM
  • Thank you so much, Clayton. I fully agree with you!!!

    The server is not in our internal network. Thanks for clarifying the CBA part. I got through to the Manager User Properties in Central Admin.

    I will definitely take your sugguestions about the user data Sync. Thanks!


    mh

    Monday, February 14, 2011 8:44 PM
  • Please take a look at the Edit Settings and Property Mapping for Synchronization on the Central Administration->Manage Profile Service: User Profile Service Application->Manage User Profiles

    Monday, February 21, 2011 2:55 AM
  • is there a way to setup an administrator account that will be allowed to edit user settings from the list view?

    I have tried the farm admin account and site collection admin accounts and still user information is greyed out.  I know I can enable allow users to edit but thats what im trying to control. 

     

    Friday, May 18, 2012 2:53 PM